Bad news for… well, pretty much everyone except identity thieves. Last fall we covered the Equifax hack, described as “one of the largest and most significant data security lapses in history” and now it seems to be much worse than previously thought. In addition to the wealth of information we already knew was accessed by criminals - names, Social Security numbers, birth dates, addresses, driver’s license and credit card numbers - Equifax recently disclosed that fraudsters got their hands on even more finely detailed information - tax ID numbers, email addresses, phone numbers, credit card expiration dates and issuing states for drivers license numbers, according to USA Today.

It certainly adds insult to injury for the 145.5 million American consumers who were put at risk by the hack and frustrated by Equifax’s less-than-stellar response to the problem:

Equifax waited months to disclose the hack. After it did, anxious consumers experienced jammed phone lines and uninformed company representatives. An Equifax website set up to help people determine their exposure was described as sketchy by security experts and provided inconsistent and unhelpful information to many. The company blamed the online customer help page’s problems on a vendor’s software code after it appeared that it had been hacked as well.

The hack has been a wake up call to the tenuous nature of digital security for many consumers. After all, if a giant company that’s entire job is to keep and differentiate the data of individuals so that banks and credit card companies can make sound investments - if they can’t outsmart identity thieves, what chance does the average person have?

Many consumers are angry, and rightly so. Hopefully, their collective anger will amount to change in how companies are held accountable for data breaches. Legislation proposed by Senators Elizabeth Warren and Mark Warner create mandatory penalties for data breaches at credit reporting agencies like Equifax - a base penalty of $100 for each consumer who had one piece of personal information compromised and another $50 for each piece of additional information per consumer. If the law was in place before this massive breach, Equifax would have had to pay at least $1.5 billion in penalties. Other proposed legislation aims to correct credit report errors and give consumers more transparency about what data is being collected and stored.

Not only will this hack have a long-lasting impact on the real estate business and the ability of mortgage lenders to judge the creditworthiness of home buyers, it emphasizes how top-notch digital security is an absolute must for any business that collects and stores sensitive information.